Blog ISO20000:2018 – What’s New?

It’s Been “Annex SL-ed”

The major part of the update will come as no surprise to anyone familiar with ISO management system standards and the “Annex SL” or “High Level Structure” concept. This is the idea that all ISO standards that have a management system should be as similar as possible so that running an integrated management system across multiple standards (such as ISO20000 and ISO27001, or ISO9001) becomes easier. So the format and structure of the new ISO20000:2018 now has the same headings and, in many cases wording, as other standards that have been similarly “Annex SL-ed” over the last few years (which is now pretty much all of them – ISO20000 was late to the party).

Headline Changes

The Context section is new to ISO20000 and requires that the internal and external issues that may affect the Service Management System (SMS) are defined, along with the interested parties and their requirements. There is more emphasis on risk management at various levels and a requirement to consider opportunities (i.e. “good risks”) as well. References to Plan-Do-Check-Act which played a major part in the 2011 version have been removed to allow the use of whichever improvement method you prefer.

IT Service Management Processes

The body of the IT service management-related requirements are now in Section 8 – Operation, under the following sub-headings:

8.1 Operational planning and control

8.2 Service portfolio

8.3 Relationship and agreement

8.4 Supply and demand

8.5 Service design, build and transition

8.6 Resolution and fulfilment

8.7 Service assurance

The IT service management areas and processes covered by the new version remain pretty much the same, with the addition of knowledge, demand and asset management which now have brief sections to themselves. Incident and service request management have been separated from each other, as have availability and service continuity management. Service reporting has been moved to Section 9 and generalised in favour of more specific reporting requirements being located in the relevant process sections themselves.

Our View

In general, it’s fair to say that many areas have been simplified and generalised, with fewer specific requirements that need to be met, although the base principles of each area have been maintained. Some of the requirements that have caused difficulties in the past have been removed or toned down – for example the list of items that must be included in a service contract has been reduced and the need to know about subcontractors is no longer included.

For those organizations that are already certified to ISO20000 and have a reasonably mature SMS in place, the 2018 version won’t present them with many difficulties, representing as it does more of a rejig of the headings than an addition of any significantly new material.

The previous update from the 2005 to the 2011 version made ISO20000 more difficult and possibly put many organizations off the idea of going for certification. With the 2018 version however, a fair balance has been struck between simplifying the main process requirements whilst still covering the subject adequately so that certification to ISO20000 still means something. And the fact that it now has the same management system structure as other standards makes it easier to integrate as part of an overall ISO-based approach to organisation management and improvement.

In summary, ISO has done a good job.

More ISO20000 Resources

CertiKit is a provider of ISO toolkits, consultancy and internal auditing services, and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the ISO20000:2018 standard, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.

Free ISO20000 Resources